PT-2021-9019 · Red Hat · Undertow+2

Published: 2021-03-23 · Updated: 2022-05-03 · CVE-2019-19343

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Undertow versions prior to 2.0.25.SP1
jboss-remoting versions prior to 5.0.14.SP1
Red Hat JBoss EAP versions prior to 7.2.4

Description

A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. This issue is related to the use of Remoting in Undertow.

Recommendations

For Undertow versions prior to 2.0.25.SP1, update to version 2.0.25.SP1 or later to resolve the issue.
For jboss-remoting versions prior to 5.0.14.SP1, update to version 5.0.14.SP1 or later to resolve the issue.
For Red Hat JBoss EAP versions prior to 7.2.4, update to version 7.2.4 or later to resolve the issue.

Fix

DoS

Improper Resource Release

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2019-19343

Affected Products

Red Hat JBoss EAP
Undertow
jboss-remoting